I have a server, running the OpenSSH daemon (sshd) in an unix environment. My server is actually a three-node cluster. This means I have a hostnanme (Digiport), which points to one of three active servers. To the remote client, the Digiport cluster is the only hostname they know. They may actually point to either digiport1, digiport2 or digiport3, each with its own "hostkey". The problem the clients experience, is if their key was initialized on digiport1, and we failover to digiport3, the users get an error, that warns them of the different key for digiport.

Manually you can accept the new key, and assume the risk yourself. The developers of the application using WinSCP to SFTP to the digiport server, wants to automate this, and assume the risk for DIGIPORT, as this is all "scripted" behind the scenes. The users are not aware of the technical process, and shouldn't have to acknowledge anything. There is security document that explains the technical portion, but the users do not need to be part of the process.

The question:

How can the user have three seperate keys for one set of clustered servers? Or:
How can the script automatically accept the new key, without being prompted?

How can the script automatically accept the new key, without being prompted?

Quote:

You cannot. And it is not planned as it is not a good idea at all.

I certainly understand the "risks", especially with spoofing, etc. I guess I wanted an "easy" fix, as we are on a classified, "low" risk network. In this environment, we can accept more risk, than say on the Unclassified environment. On the other hand, if we invalid all the built-in security, why bother with SSH? Point taken.

Do you have an estimated time-frame, version you expect the "clustered environment" will be incorporated?